compliance-guard-cli

v1.0.6

Published

8 days ago

Automated SOC2 and Security Compliance Auditor

0High
0Medium
0Low

fullmoonstar

security audit soc2 compliance cli

ComplianceGuard Smart 🛡️

"The silent auditor for your codebase."

ComplianceGuard is a zero-config, CLI-first security auditor designed for fast-moving engineering teams. It scans your local environment, CI/CD pipelines, and cloud configuration for SOC2, GDPR, and ISO 27001 violations in real time.

Stop paying consultants $150/hr to read your logs. Let the Smart engine do it.

⚡ Quick Start (No Install Needed)

npx compliance-guard-cli audit .

This scans your current directory and generates a compliance-report.json containing your compliance score and actionable findings.

📊 Free vs Pro

| Feature | Community (Free) | Pro License ($499/mo) | | ------------------------------------------ | ---------------- | --------------------- | | Secret Scanning (AWS, Stripe, Google Keys) | ✅ | ✅ | | Dependency Analysis (CVE Check) | ✅ | ✅ | | Local File Audit (JSON Report) | ✅ | ✅ | | CI/CD Integration (Block PRs on failure) | ❌ | ✅ | | Auto-Fix (Smart-generated patches) | ❌ | ✅ | | PDF Certification Report (For Auditors) | ❌ | ✅ | | Continuous Daemon Mode | ❌ | ✅ |

Export to Sheets

💎 Upgrade to Pro Ready to pass SOC2 without the headache?

compliance-guard-cli config --license [email protected]

📋 Command Summary

| Environment | Command to Use | Why? | | ----------------- | ---------------- | ------------------------------------------------------------------ | | Local Laptop | watch (Daemon) | Real-time protection while coding. Catches mistakes instantly. | | CI/CD Pipeline | audit | Runs once, generates reports, fails the build if issues are found. | | Vercel / Railway | audit | Checks code during the build phase to prevent bad deploys. | | Report Generation | report | Generates the PDF certificate for auditors (requires audit first). |

📦 Installation

npm install -g compliance-guard-cli

🛠️ Usage

1. Basic Audit (Generates JSON)

Run a basic scan. If no flags are provided, it defaults to the local environment.

compliance-guard-cli audit .

Advanced Usage (Enterprise Context)

You can tag your audit with metadata. This data is embedded into the JSON report and the certified PDF.

compliance-guard-cli audit . --project "Backend-API" --env prod --instance "us-east-1"

--project: Name of the service (defaults to package.json name)
--env: Environment (e.g., local, dev, uat, prod, ci)
--instance: Instance ID or Region (useful for tracking specific deployments)

Output: compliance-report.json

2. Daemon Mode (Pro Only)

Real-time file monitoring that alerts you the moment a secret is saved.

compliance-guard-cli watch

Requires an active Pro license.

3. Generate Auditor Certificate (Pro Only)

Generates a signed PDF certificate based on the last audit. The status (COMPLIANT / NON-COMPLIANT) is derived directly from the scan results.

compliance-guard-cli report --format=pdf

Output: audit-certification.pdf

🚀 CI/CD & Cloud Integrations (All Platforms)

Pro Tip: We recommend saving both the JSON Report (for engineers) and the PDF Certificate (for auditors) as build artifacts.

Universal Rule: If your platform can run shell commands, ComplianceGuard can be enforced.

🐙 GitHub Actions

name: ComplianceGuard Audit
on: [push, pull_request]

jobs:
  compliance:
    runs-on: ubuntu-latest
    steps:
      - name: Step 1 - Checkout Repository
        uses: actions/checkout@v3
      
      - name: Step 2 - Install ComplianceGuard
        run: npm install -g compliance-guard-cli
      
      - name: Step 3 - Run Compliance Audit (Generates JSON)
        run: compliance-guard-cli audit . --project "GitHub-Repo" --env ci --instance "runner-${{ github.run_id }}"

      # --- PRO FEATURES (Report Generation) ---
      - name: Step 4 - Configure License
        run: compliance-guard-cli config --license ${{ secrets.COMPLIANCE_EMAIL }}
      
      - name: Step 5 - Generate PDF Certificate
        run: compliance-guard-cli report --format=pdf
      
      - name: Step 6 - Save Reports as Artifacts
        uses: actions/upload-artifact@v3
        with:
          name: compliance-artifacts
          path: |
            compliance-report.json
            audit-certification.pdf

🦊 GitLab CI

compliance_guard:
  stage: test
  image: node:18
  script:
    - npm install -g compliance-guard-cli
    - compliance-guard-cli audit . --env ci --project "GitLab-Project"
    - compliance-guard-cli config --license $COMPLIANCE_EMAIL
    - compliance-guard-cli report --format=pdf
  artifacts:
    paths:
      - compliance-report.json
      - audit-certification.pdf
    expire_in: 1 week
  allow_failure: false

🧱 Bitbucket Pipelines

pipelines:
  default:
    - step:
        name: ComplianceGuard Audit & Report
        image: node:18
        script:
          - npm install -g compliance-guard-cli
          - compliance-guard-cli audit . --env ci
          - compliance-guard-cli config --license $COMPLIANCE_EMAIL
          - compliance-guard-cli report --format=pdf
        artifacts:
          - compliance-report.json
          - audit-certification.pdf

🧰 Azure DevOps

trigger:
- main

pool:
  vmImage: ubuntu-latest

steps:
- checkout: self
  displayName: Step 1 - Checkout Code

- script: npm install -g compliance-guard-cli
  displayName: Step 2 - Install ComplianceGuard

- script: compliance-guard-cli audit . --env ci --project "Azure-Repo"
  displayName: Step 3 - Run Audit (Generates JSON)

- script: |
    compliance-guard-cli config --license $(COMPLIANCE_EMAIL)
    compliance-guard-cli report --format=pdf
  displayName: Step 4 - Generate PDF Certificate

- task: CopyFiles@2
  displayName: Step 5 - Stage Artifacts
  inputs:
    Contents: |
      compliance-report.json
      audit-certification.pdf
    TargetFolder: '$(Build.ArtifactStagingDirectory)'

- task: PublishBuildArtifacts@1
  displayName: Step 6 - Publish Artifacts
  inputs:
    PathtoPublish: '$(Build.ArtifactStagingDirectory)'
    ArtifactName: 'ComplianceReports'

🟦 AWS CodeBuild

version: 0.2
phases:
  install:
    commands:
      - echo "Step 1 - Install ComplianceGuard"
      - npm install -g compliance-guard-cli
  build:
    commands:
      - echo "Step 2 - Run Audit"
      - compliance-guard-cli audit . --env ci
      
      # --- PRO FEATURES ---
      - echo "Step 3 - Generate Certificate"
      - compliance-guard-cli config --license $COMPLIANCE_EMAIL
      - compliance-guard-cli report --format=pdf

artifacts:
  files:
    - compliance-report.json
    - audit-certification.pdf
  name: ComplianceReports

🟧 Google Cloud Build

steps:
  - name: node:18
    id: Step-1-Install-And-Audit
    entrypoint: bash
    args:
      - '-c'
      - |
        npm install -g compliance-guard-cli
        compliance-guard-cli audit . --env ci --project "GCP-Build"
        
        # --- PRO FEATURES ---
        compliance-guard-cli config --license $$COMPLIANCE_EMAIL
        compliance-guard-cli report --format=pdf
    secretEnv: ['COMPLIANCE_EMAIL']

artifacts:
  objects:
    location: 'gs://your-audit-bucket/reports/'
    paths:
      - 'compliance-report.json'
      - 'audit-certification.pdf'

availableSecrets:
  secretManager:
  - versionName: projects/PROJECT_ID/secrets/COMPLIANCE_EMAIL/versions/1
    env: 'COMPLIANCE_EMAIL'

▲ Vercel

To audit your Vercel deployments, override the Build Command in Project Settings.

Method 1: Dashboard Override

Set Build Command to:

npm install -g compliance-guard-cli && compliance-guard-cli audit . --env prod && npm run build

Method 2: `vercel.json`

{
  "buildCommand": "npm install -g compliance-guard-cli && compliance-guard-cli audit . --env prod && npm run build"
}

🚂 Railway

To audit Railway services, use a custom build command or railway.toml.

Method 1: Custom Build Command

npm install -g compliance-guard-cli && compliance-guard-cli audit . --env prod && npm run build

Method 2: `railway.toml`

[build]
builder = "NIXPACKS"
buildCommand = "npm install -g compliance-guard-cli && compliance-guard-cli audit . --env prod && npm run build"

🟥 Jenkins

pipeline {
  agent any
  environment {
    COMPLIANCE_EMAIL = credentials('compliance-email-secret')
  }
  stages {
    stage('Install & Audit') {
      steps {
        sh 'npm install -g compliance-guard-cli'
        sh 'compliance-guard-cli audit . --env ci'
      }
    }
    stage('Generate Report') {
      steps {
        sh 'compliance-guard-cli config --license $COMPLIANCE_EMAIL'
        sh 'compliance-guard-cli report --format=pdf'
      }
    }
  }
  post {
    success {
      archiveArtifacts artifacts: 'compliance-report.json, audit-certification.pdf', fingerprint: true
    }
  }
}

🧩 CircleCI

version: 2.1
jobs:
  compliance:
    docker:
      - image: node:18
    steps:
      - checkout
      - run:
          name: Install & Audit
          command: |
            npm install -g compliance-guard-cli
            compliance-guard-cli audit . --env ci
      - run:
          name: Generate PDF Report
          command: |
            compliance-guard-cli config --license $COMPLIANCE_EMAIL
            compliance-guard-cli report --format=pdf
      - store_artifacts:
          path: compliance-report.json
      - store_artifacts:
          path: audit-certification.pdf
workflows:
  compliance_workflow:
    jobs:
      - compliance

🐳 Docker

Note: To extract the reports from Docker, you must mount a volume so the files persist on your host machine. This command saves both the JSON Report and PDF Certificate.

# 1. Build
docker build -t compliance-guard .

# 2. Run (Mount current directory to /app to save JSON & PDF)
docker run --rm -v $(pwd):/app -e [email protected] compliance-guard /bin/sh -c "compliance-guard-cli config --license \$COMPLIANCE_EMAIL && compliance-guard-cli audit . --env prod && compliance-guard-cli report --format=pdf"

☸️ Kubernetes Job

apiVersion: batch/v1
kind: Job
metadata:
  name: compliance-guard
spec:
  template:
    spec:
      containers:
        - name: compliance-audit
          image: node:18
          command: ['sh', '-c']
          args:
            - |
              npm install -g compliance-guard-cli
              compliance-guard-cli config --license $COMPLIANCE_EMAIL
              # Audit with Metadata tags for K8s cluster
              compliance-guard-cli audit . --env prod --instance "k8s-cluster-1"
              compliance-guard-cli report --format=pdf
              
              # IMPORTANT: You must handle artifact upload here (e.g., to S3/GCS)
              # or the 'compliance-report.json' and 'audit-certification.pdf'
              # will be lost when the pod terminates.
          env:
            - name: COMPLIANCE_EMAIL
              valueFrom:
                secretKeyRef:
                  name: compliance-secrets
                  key: email
      restartPolicy: Never

🏗️ Terraform / IaC (Pre-Apply)

npm install -g compliance-guard-cli
compliance-guard-cli config --license $COMPLIANCE_EMAIL

# Run audit before applying infrastructure
compliance-guard-cli audit . --env stage --project "Infrastructure"
compliance-guard-cli report --format=pdf

if grep -q "CRITICAL" compliance-report.json; then
  echo "❌ BLOCKING DEPLOY: Critical security issues found."
  exit 1
fi

terraform apply

🌍 Pulumi

npm install -g compliance-guard-cli
compliance-guard-cli config --license $COMPLIANCE_EMAIL

# Run audit before applying infrastructure
compliance-guard-cli audit . --env stage --project "Infrastructure"
compliance-guard-cli report --format=pdf

if grep -q "CRITICAL" compliance-report.json; then
  echo "❌ BLOCKING DEPLOY: Critical security issues found in infrastructure code."
  exit 1
fi

pulumi up

💎 Upgrade to Pro

Ready to pass SOC2 without the headache?

compliance-guard-cli config --license [email protected]

🔐 Security & Privacy

We do not read your code. All scans run locally on your machine.

We do not upload your files. Only anonymized metadata (issue counts) is sent for license validation.

Zero-Knowledge by design. Your secrets remain yours.

Automated by ComplianceGuard Smart.

⚖️ Legal Disclaimer & Terms of Use

PLEASE READ CAREFULLY:

No Legal Advice

ComplianceGuard is a software tool provided for informational and operational assistance only. The reports, scans, alerts, scores, and other data generated by this tool do not constitute legal advice, formal compliance certification, or a guarantee of security, regulatory compliance, or audit readiness.

You should always consult with a qualified legal, security, or compliance professional for advice specific to your organization, especially regarding SOC2, GDPR, ISO 27001, or other regulatory or contractual obligations.

Limitation of Liability

To the maximum extent permitted by applicable law (including GDPR, state, federal, and international laws), the authors, maintainers, contributors, and distributors of ComplianceGuard shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages.

This includes, but is not limited to, damages for loss of profits, business interruption, loss of goodwill, loss of use, loss of data, security incidents, audit failures, or other intangible losses, even if advised of the possibility of such damages.

No Warranty

This software is provided "AS IS" and "AS AVAILABLE", without warranty of any kind, whether express, implied, statutory, or otherwise.

This includes, without limitation, any implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, or completeness.

User Responsibility

You are solely responsible for ensuring that your code, systems, infrastructure, and business practices comply with all applicable laws, regulations, standards, and contractual requirements.

Use of ComplianceGuard does not transfer or reduce legal, regulatory, or operational responsibility from the user to the creators or maintainers of the software.